REMARKS 



In the Office Action, Claims 1-4 are pending and stand rejected. In this Response, 
Claims 1 and 4 are amended, Claim 3 is cancelled and no claims are added. Applicants 
respectfully request reconsideration of pending Claims 1-2 and 4 in view of at least the following 
remarks. 

I. Claims Rejected Under 35 U.S.C. §103 

Claims 1-4 are rejected under 35 U.S.C. §103 as being unpatentable over U.S. Patent 
Publication No. 2003/0212903 to Porras ("Porras") in view of U.S. Patent No. 7,234,168 to 
Gupta ("Gupta"). Applicant respectfully traverses the aforementioned rejection for the following 
reasons. 

Claim 1 recites: 

1. A method for detecting abnormal traffic at a network level using a 
statistical analysis, the method comprising the steps of: 

a) gathering local traffic data from each network device and integrating a plurality 
of the local traffic data to generate traffic data in the network level by a single traffic 
sensing module: 

b) extracting a characteristic traffic data based on the traffic data in the network 
level; 

c) comparing the characteristic traffic data with a characteristic traffic data profile 
resulting from statistical computations and representing normal traffic, and determining 
whether there is abnormal traffic in the network; 

d) updating the characteristic traffic data profile using the characteristic traffic 
data if there is no abnormal traffic in the network, analyzing a volume amount of the 
abnormal traffic and monitoring the abnormal traffic if there is abnormal traffic in the 
network; and 

e) transmitting the analysis result of the seriousness of the abnormal traffic 
to an abnormal traffic processing system to detect abnormal traffic without 
operation of a network manager, and processing the abnormal traffic to prevent a 
network failure. 



While Applicants' argument here is directed to the cited combination of references, it is 
necessary to first consider their individual teachings, in order to ascertain what combination (if 
any) could be made from the cited references. 

Porras discloses a plurality of service monitors 16A-16C, domain monitors 16D-16E, and 
enterprise monitor 16F. From all of the monitors, Porras must collect data. That is, Porras does 
not teach Applicant's amended Claims 1 and 4 recitation of a single traffic sensing module, as in 
Claim 1. 

As correctly recognized by the Examiner, Porras fails to teach or suggest a single traffic 
sensing module, as in Claim 1. As a result, the Examiner cites Gupta, which according to the 
Examiner, teaches that it is well known to have a traffic sensing module and refers to FIG. 2, unit 
52, which Gupta refers to as a sensor management module. (See pg. 3, para. 3 of the Office 
Action mailed 2/5/2008.) 

Gupta generally relates to a method of provisioning computers against computer attacks. 
Gupta describes the constructing of a hierarchy characterizing different computer attacks and 
counter measures and traversing this hierarchy to identify computer attacks and counter measures 
relevant to a target platform. As further described by Gupta, the detection and protection 
measures are then downloaded to a security sensor associated with the target platform. (See col. 
2, lines 3-11.) However, rather than disclosing a single traffic sensor module to gather local 
traffic data and integrate the local traffic data to generate traffic data at a network level, Gupta 
discloses that local sensor modules 27 may be distributed throughout a network. (See col. 3, 
lines 35-37.) 

Furthermore, the sensor module 52, as shown in FIG. 2 of Gupta, is part of a sensor 22 
which is included in each local sensor security module (LSSM). (See FIGS. 1 and 2.) As 
indicated above, Gupta discloses that the local sensor security modules are distributed 
throughout the network. (See supra.) As a result, the Examiner has failed to identify, and we 
are unable to discern any portion of Gupta which discloses, teaches, or suggests gathering local 
traffic data from each network device and integrating a plurality of local traffic data to generate 
traffic data in the network level by a single traffic sensing module, as in Claim 1. 

Moreover, neither Porras nor Gupta discloses, teaches, or suggests transmitting the 
analysis result of the seriousness of the abnormal traffic to an abnormal traffic processing system 
to detect abnormal traffic without operation of a network manager and processing the abnormal 
traffic to prevent a network failure, as in Claim 1. Hence, no combination of Porras in view of 
Gupta can disclose, teach, or suggest transmitting the analysis result of the seriousness of the 
abnormal traffic to an abnormal traffic processing system to detect abnormal traffic without 
operation of a network manager, and process the abnormal traffic to prevent a network failure, as 
in Claims 1 and 4. 

For each of the above reasons, therefore, Claim 1 and all claims which depend from 
Claim 1, are patentable over Porras in view of Gupta as well as the references of record. 
Consequently, Applicants respectfully request the Examiner reconsider and withdraw the 
§ 103(a) rejection of Claims 1 and 2. 

Each of Applicant's other independent claims includes limitations similar to those in 
Claim 1 discussed above. Therefore, all of Applicants' other independent claims, and all claims 
which depend on them, are also patentable over the cited prior art for similar reasons. 
Consequently, Applicants respectfully request that the Examiner reconsider and withdraw the 
§ 103(a) rejection of Claim 4. 

DEPENDENT CLAIMS 

In view of the above remarks, a specific discussion of the dependent claims is considered 
to be unnecessary. Therefore, Applicants' silence regarding any dependent claim is not to be 
interpreted as agreement with, or acquiescence to, the rejection of such claim or as waiving any 
argument regarding that claim. 

PETITION FOR EXTENSION OF TIME 

Per 37 C.F.R. 1.136(a) and in connection with the Office Action mailed on February 5, 
2008, Applicant respectfully petitions Commissioner for a one (1) month extension of time, 
extending the period for response to June 5, 2008. Please charge Deposit Account No. 02-2666 
in the amount of $120.00 to cover the petition filing fee. 

CONCLUSION 



In view of the foregoing, it is believed that all claims now pending (1) are in proper form, 
(2) are neither obvious nor anticipated by the relied upon art of record, and (3) are in condition 
for allowance. A Notice of Allowance is earnestly solicited at the earliest possible date. If the 
Examiner believes that a telephone conference would be useful in moving the application 
forward to allowance, the Examiner is encouraged to contact the undersigned at (310) 207-3800. 

If necessary, the Commissioner is hereby authorized in this, concurrent and future replies, 
to charge payment or credit any overpayment to Deposit Account No. 02-2666 for any additional 
fees required under 37 C.F.R. §§ 1.16 or 1.17, particularly, extension of time fees. 



Respectfully submitted, 



BLAKELY, SOKOLOFF, TAYLOR, & ZAFMAN LLP 




1279 Oakmead Parkway 
Sunnyvale, California 94085-4040 
Telephone (310) 207-3800 
Facsimile (408) 720-8383 

CERTIFICATE OF TRANSMISSION 

I hereby certify that this correspondence is being submitted electronically 
via EFS Web on the date shown below to the United States Patent and 
Trademark Office. 